CVE-2020-6072
Published 2020-03-24
CVE-2020-6072: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS…
Priority: P354, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.64% (88.1th percentile)
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | libmicrodns | < libmicrodns 0.2.0-1 (forky) | libmicrodns 0.2.0-1 (forky) |
| debian | vlc | < libmicrodns 0.2.0-1 (forky) | libmicrodns 0.2.0-1 (forky) |
| videolabs | libmicrodns | — | — |
| videolabs | libmicrodns | >= 0 < 0.2.0-1 | 0.2.0-1 |
| videolabs | libmicrodns | >= 0 < 0.2.0-1 | 0.2.0-1 |
| videolabs | libmicrodns | >= 0 < 0.0.8-1ubuntu0.1~esm1 | 0.0.8-1ubuntu0.1~esm1 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
CVSS provenance
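| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |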
Ubuntu
libmicrodns vulnerabilities
vendor_ubuntu·2025-01-28·CVSS 7.5
CVE-2020-6072 [HIGH] libmicrodns vulnerabilities
Title: libmicrodns vulnerabilities
Summary: Several security issues were fixed in libmicrodns.
It was discovered that libmicrodns could recursively follow the same
compression pointer, leading to an infinite loop. An attacker could
possibly use this issue to cause a denial of service. (CVE-2020-6071)
It was discovered that libmicrodns did not check the return value of the
rr_decode function, which could lead to a double free. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2020-6072)
It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-6073)
It was discovered that libmicrodns incorrectly handled certain inputs,
which cou
Debian
CVE-2020-6072: libmicrodns - An exploitable code execution vulnerability exists in the label-parsing function...
vendor_debian·2020·CVSS 9.8
CVE-2020-6072 [CRITICAL] CVE-2020-6072: libmicrodns - An exploitable code execution vulnerability exists in the label-parsing function...
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
Scope: local
forky: resolved (fixed in 0.2.0-1)
sid: resolved (fixed in 0.2.0-1)
trixie: resolved (fixed in 0.2.0-1)
OSV
libmicrodns vulnerabilities
osv·2025-01-28·CVSS 7.5
CVE-2020-6071 [HIGH] libmicrodns vulnerabilities
libmicrodns vulnerabilities
It was discovered that libmicrodns could recursively follow the same
compression pointer, leading to an infinite loop. An attacker could
possibly use this issue to cause a denial of service. (CVE-2020-6071)
It was discovered that libmicrodns did not check the return value of the
rr_decode function, which could lead to a double free. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2020-6072)
It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-6073)
It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an out-of-bounds read. An attacker could possibly use
this
GHSA
GHSA-jqrj-pmvg-62w8: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0
ghsa_unreviewed·2022-05-24
CVE-2020-6072 [HIGH] CWE-415 GHSA-jqrj-pmvg-62w8: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
OSV
CVE-2020-6072: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0
osv·2020-03-24·CVSS 9.8
CVE-2020-6072 [CRITICAL] CVE-2020-6072: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns
blogs_talos·2020-03-23·CVSS 7.5
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
A specific library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members and is the current editor of the VLC mobile applications and one of the largest contributors to VLC. They also develop libmicrodns, a library which is used by VLC media player for mDNS services discovery. The libmicrodns library contains multiple vulnerabilities that could allow attackers to carry out a variety of malicious actions, including causing a denial of service and gaining the ability to execute arbitrary code.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Videolabs to
References:
https://security.gentoo.org/glsa/202005-10
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
https://www.debian.org/security/2020/dsa-4671
Published: 2020-03-24